edge01: deploy kkc wireguard tunnel (never used)

Change-Id: I5f61f00029ac9e86cd4fdcc390d16ec7fa081f51 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1157 Reviewed-by: q3k <q3k@hackerspace.pl>
2021-10-07 18:47:51 +00:00 · 2021-10-07 18:47:51 +00:00 · a5b0c13228
parent 848db46bc0
commit a5b0c13228
1 changed files with 39 additions and 1 deletions
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@ -58,6 +58,44 @@ in rec {
    out = "/var/lib/unbound/rsh.conf";
  };

+  networking.wireguard.interfaces = {
+    wg-camp = {
+      ips = [
+        "185.236.240.68/31"
+        "2a0d:eb00:2137:1::e/127"
+      ];
+      allowedIPsAsRoutes = false;
+      listenPort = 51820;
+      generatePrivateKeyFile = true;
+      privateKeyFile = "/root/camp-wg";
+      peers = [
+        {
+          publicKey = "TbXDHeHwT4/xQ1+l4HH9EzbYUUCU4Pk/r0nsGSw+qUc=";
+          allowedIPs = [
+            "185.236.240.69/32"
+            "185.236.241.0/24"
+            "2a0d:eb00:8007::/48"
+            "2a0d:eb00:2137:1::f/128"
+          ];
+        }
+      ];
+    };
+  };
+
+  hscloud.routing.static.v6.camp = {
+    table = "aggregate";
+    address = "2a0d:eb00:8007::";
+    prefixLength = 48;
+    via = "2a0d:eb00:2137:1::f";
+  };
+  hscloud.routing.static.v4.camp = {
+    table = "aggregate";
+    address = "185.236.241.0";
+    prefixLength = 24;
+    via = "185.236.240.69";
+  };
+
+
  hscloud.renameInterfaces = {
    # Link to Nitronet CPE.
    e1-nnet.mac = "ac:1f:6b:1c:d7:ae";
@ -172,7 +210,7 @@ in rec {
  '';
  hscloud.routing.originate = {
    # WAW prefixes, exposed into internet BGP table.
-    v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 24; };
+    v4.waw = { table = "internet"; address = "185.236.240.0"; prefixLength = 23; };
    v6.waw = { table = "internet"; address = "2a0d:eb00::"; prefixLength = 32; };

    # Default gateway via us, exposed into aggregated table.